[TUHS] History of chown semantics
szigiszabolcs at gmail.com
Tue Jan 14 02:53:03 AEST 2014
Well, with the same reasoning, we don't need passwords or protection bits
on files, since I can always take a piece of steel pipe and beat the owner,
until he gives out the data, so why bother?
Blocking chown for general users is one level of several controls. Given
the need, it is always possible to thwart an attack, with additional
controls. And of course, given a set of controls, is is always possible to
find an attack that will be successful. It all depends on the cost of the
protection, the attack and of the data being protected.
2014/1/13 John Cowan <cowan at mercury.ccil.org>
> Tim Bradshaw scripsit:
> > For instance imagine I want to pass some customer data to which I have
> > access to you, who con't have access, for purposes of malice.
> Download the file and mail it to me via anonymous remailer. Failing
> that, use your cell and take snapshots of the screen. Failing that,
> write down the data with pen and ink and send it by snail mail.
> If I own a file, I can always get the contents to you one way or another.
> Blocking chown doesn't help.
> Let's face it: software is crap. Feature-laden and bloated, written under
> tremendous time-pressure, often by incapable coders, using dangerous
> languages and inadequate tools, trying to connect to heaps of broken or
> obsolete protocols, implemented equally insufficiently, running on
> unpredictable hardware -- we are all more than used to brokenness.
> --Felix Winkelmann
> TUHS mailing list
> TUHS at minnie.tuhs.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the TUHS